Cracking DES. Secrets of Encryption Research, Wiretap Politics & Chip Design

by the Electronic Frontier Foundation. O'Reilly 1998. 272 pages. $29.95 ISBN 1-56592-520-3

Reviewed by Robert Bruen

The struggle to protect ourselves from the overzealous folks
in Washington DC has been pushed up a notch, a rather large
notch. There is nothing like a little dose of reality to put
an end to debates about what is possible and what is not. The
folks in DC live by words and not by deeds, so as long as they
can stretch out the debate they can keep a certain level of
control over those who do not have the ability to understand
the issues or their consequences.

With the publication of Cracking DES, the debate over the security
of DES is over. It is one of those moments similar to the time physicist
Richard Feynman dropped an o-ring into a glass of ice water during
the public hearings on the Challenger disaster. All of the raging
debate simply stopped.

Now the debate over the security of DES simply stops, but new
debates are raised at this point. These days truth is hard to find in DC,
but we must ask the questions about lying by government employees on the
level of a conspiracy between several agencies. There has been much
debate among professionals and a constant defense of DES by government
agencies and individuals. Did all these government employees really
not know how easy it would be to crack DES? If the answer is yes,
then our tax money has been seriously wasted. If no, then the lies
are clear. I may not trust the NSA, but they are not stupid.

Like Diffie and Landau's recent book, Privacy on the Line. The Politics
of Wiretapping and Encryption, this book is an important landmark in
the struggle to keep the freedom and liberties we enjoy. It is most
unfortunate that the struggle is with our own government. Privacy on
the Line was a carefully researched book which exposed the history
of the government lies to keep encryption out of the hands of the
American citizens. Cracking DES helps put encryption back in our
hands. I suggested several years ago that the most important national
struggle of the times we live in would be about our privacy and civil
rights.

As the pressure mounts on both sides, this will come to pass with
a vengeance. The crux of the problem is the lack of compromise. In
general, national debates have multiple solutions, but encryption
is a binary choice: either we are free to use encryption strong
enough to prevent the government from reading our communications
or we are not. There is no place in between, for weak encryption
is no encryption. If the government succeeds in denying its
citizens strong encryption at all times and all places, then the
American fascist state will be born. So far the best weapon
available is technical know-how and the willingness to share it
(engineering as a political tool - curious). Check out your history for
the writings by individuals in the pre-revolution American colonies
to see how it works.

Now, the book itself. It is a quick read if you skip over reading
the code, because the code takes up about 150 pages and the
schematics take up about 15 pages, about two thirds of the book.
The code is meant to be scanned, with instructions on how to do
it and where to find tools to help. It is one of the strange quirks
of our laws that allows a book to contain pretty much what we want,
but a web page or an ftp site with the same material is not allowed.
It seems to me that since the distribution of books can not
(at least for now) be stopped, they want to make it painful for
everyone to acquire the material. Of course this all becomes
moot once a non-American site appears with code scanned in.

Oops, too late, check out http://www.replay.com/cracking_des/ if you
would rather not go through the effort of scanning it yourself.

I see two main reasons for the book. The first is to confront
the government for its foolishness and the second is to provide
the knowledge of how one builds a DES cracker. All of the hardware
is described by part numbers and vendors. All the code necessary
to run it is included. All that you need is the $210,000 it costs to
build it, although I am sure that the community of free thinkers
could donate parts, expertise and labor to do it for much less
now that a design has been implemented. Like any other product,
it will get cheaper and better over time. The interesting question,
besides the obvious government issues, is how this will play out
in the world of encryption. What else can come of this?

Although most of the book is code, there is good reading as well,
such as the foreword by Whit Diffie. There is a section on the technical
description that includes a discussion of the politics involved
and a history of DES cracking. There are also several chapters of
well chosen papers. Lastly, the instructions for building the parts
are clearly presented in detail. While code is important, the
instructions for building the machine are also important. Now if I
only had $210,000 to spare...

Cracking DES is not just recommended reading, but required. This
issue is too important to ignore. I hope there will be more efforts
like this and the Diffie/Landau book in the near future.